Open Closed

Authentication issue - WindowsCryptographicException: Keyset does not exist #5540


User avatar
0
AbpRaven created
  • ABP Framework version: v6.0.0
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Steps to reproduce the issue: The app has been working fine until today. Now when I try to log in from Angular app, I get this error. This issue only reproduces on local dev environment.
  • Exception message and full stack trace: [auth-server_41eb61d1-e]: [19:51:36 DBG] An exception was thrown by OpenIddict.Server.OpenIddictServerHandlers+GenerateIdentityModelAccessToken while handling the OpenIddict.Server.OpenIddictServerEvents+ProcessSignInContext event. [auth-server_41eb61d1-e]: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist [auth-server_41eb61d1-e]: at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions) [auth-server_41eb61d1-e]: at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider) [auth-server_41eb61d1-e]: at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func2 createCsp, Func2 createCng) [auth-server_41eb61d1-e]: at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey() [auth-server_41eb61d1-e]: at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate1 matchesConstraints) [auth-server_41eb61d1-e]: at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey() [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKeyStatus() [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.FoundPrivateKey(SecurityKey key) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures, CryptoProviderFactory cryptoProviderFactory) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures, Boolean cacheProvider) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(SecurityKey key, String algorithm, Boolean cacheProvider) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(SecurityKey key, String algorithm) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.CreateTokenPrivate(JObject payload, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials, String compressionAlgorithm, IDictionary2 additionalHeaderClaims, String tokenType) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.CreateToken(SecurityTokenDescriptor tokenDescriptor) [auth-server_41eb61d1-e]: at OpenIddict.Server.OpenIddictServerHandlers.GenerateIdentityModelAccessToken.HandleAsync(ProcessSignInContext context) [auth-server_41eb61d1-e]: at OpenIddict.Server.OpenIddictServerDispatcher.DispatchAsync[TContext](TContext context) [auth-server_41eb61d1-e]: at OpenIddict.Server.OpenIddictServerDispatcher.DispatchAsync[TContext](TContext context) [auth-server_41eb61d1-e]: at OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandler.SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) [auth-server_41eb61d1-e]: [19:51:36 INF] Executed action Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 256.9522ms [auth-server_41eb61d1-e]: [19:51:36 INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' [auth-server_41eb61d1-e]: [19:51:36 DBG] Added 0 entity changes to the current audit log [auth-server_41eb61d1-e]: [19:51:36 DBG] Added 0 entity changes to the current audit log [auth-server_41eb61d1-e]: [19:51:36 DBG] Added 0 entity changes to the current audit log [auth-server_41eb61d1-e]: [19:51:36 ERR] An unhandled exception has occurred while executing the request. [auth-server_41eb61d1-e]: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist [auth-server_41eb61d1-e]: at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions) [auth-server_41eb61d1-e]: at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider) [auth-server_41eb61d1-e]: at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func2 createCsp, Func2 createCng) [auth-server_41eb61d1-e]: at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey() [auth-server_41eb61d1-e]: at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate1 matchesConstraints) [auth-server_41eb61d1-e]: at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey() [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKeyStatus() [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.FoundPrivateKey(SecurityKey key) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures, CryptoProviderFactory cryptoProviderFactory) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures, Boolean cacheProvider) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(SecurityKey key, String algorithm, Boolean cacheProvider) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(SecurityKey key, String algorithm) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.CreateTokenPrivate(JObject payload, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials, String compressionAlgorithm, IDictionary2 additionalHeaderClaims, String tokenType) [auth-server_41eb61d1-e]: at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.CreateToken(SecurityTokenDescriptor tokenDescriptor) [auth-server_41eb61d1-e]: at OpenIddict.Server.OpenIddictServerHandlers.GenerateIdentityModelAccessToken.HandleAsync(ProcessSignInContext context) [auth-server_41eb61d1-e]: at OpenIddict.Server.OpenIddictServerDispatcher.DispatchAsync[TContext](TContext context) [auth-server_41eb61d1-e]: at OpenIddict.Server.OpenIddictServerDispatcher.DispatchAsync[TContext](TContext context) [auth-server_41eb61d1-e]: at OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandler.SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Authentication.AuthenticationService.SignInAsync(HttpContext context, String scheme, ClaimsPrincipal principal, AuthenticationProperties properties) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeResultAsync>g__Logged|22_0(ResourceInvoker invoker, IActionResult result) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResultFilterAsync>g__Awaited|30_0[TFilter,TFilterAsync](ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResultExecutedContextSealed context) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State& next, Scope& scope, Object& state, Boolean& isCompleted) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeResultFilters>g__Awaited|28_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger) [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext) [auth-server_41eb61d1-e]: at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.Uow.AbpUnitOfWorkMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpOpenIddictMiddlewareExtension.<>c__DisplayClass0_0.<<UseAbpOpenIddictValidation>b__0>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) [auth-server_41eb61d1-e]: at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context) [auth-server_41eb61d1-e]: at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context) [auth-server_41eb61d1-e]: at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context) [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() [auth-server_41eb61d1-e]: --- End of stack trace from previous location --- [auth-server_41eb61d1-e]: at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context) [auth-server_41eb61d1-e]: [19:51:36 INF] Request finished HTTP/2 POST https://localhost:44322/connect/token application/x-www-form-urlencoded 381 - 500 - text/plain;+charset=utf-8 340.6077ms

7 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi,

    Can you try this solution. https://support.abp.io/QA/Questions/3537/OpenIddict-WindowsCryptographicException-Access-is-denied

  • User Avatar
    0
    AbpRaven created

    Hi,

    Can you try this solution. https://support.abp.io/QA/Questions/3537/OpenIddict-WindowsCryptographicException-Access-is-denied

    Hi I don't have IIS on my local machine. I am not deploying an application. I am running a project locally for development and am getting this error.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi,

    Have you gone through this docs. https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-development-certificate That was mentioned in the ticket that was shared?

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi,

    I am not able to reproduce this issue from a newly create app (6.0.0) on abp suite. Could you please share your project to support@abp.io.?

  • User Avatar
    0
    AbpRaven created

    Hi,

    I am not able to reproduce this issue from a newly create app (6.0.0) on abp suite. Could you please share your project to support@abp.io.?

    This problem is not with source. Could you explain me what it is "localhost.conf"?

  • User Avatar
    0
    AbpRaven created

    and next question. at what point these certificates are installed

  • User Avatar
    1
    AbpRaven created

    We solved the issue. Just remove these certificate and create a new ones.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11